New Data Privacy Law for Citizens of Belgium, the Act

January 06, 2022 | 4 minutes read
New Data Privacy Law for Citizens of Belgium, the Act

Belgium’s Act of 30 July 2018 on the Protection of Natural Persons with Regard to the Processing of Personal Data or the Act for short is a data privacy law that was recently passed in 2018. As Belgium is one of the various European countries that comprise the EU, the Act was enacted for the purposes of implementing the General Data Protection Regulation into Belgian law. To this end, Act of 30 July 2018 on the Protection of Natural Persons with Regard to the Processing of Personal Data and the EU’s GDPR law represent the legal basis for the collection and processing of personal data within Belgium. Furthermore, the law also empowers the Belgian Data Protection Authority or DPA to enforce the provisions of the law.

What are the differences between the Act and the EU’s GDPR law?

Many of the provisions of Belgium’s Act of 30 July 2018 on the Protection of Natural Persons with Regard to the Processing of Personal Data remain unchanged when compared with the EU’s GDPR law. However, there are some differences between the two pieces of legislation, particularly as it relates to the requirements of data controllers and processors. To illustrate this point further, the Act contains a general provision that requires data controllers and processors within Belgium to “be accredited by the national accreditation body named in accordance with Regulation (EC).” Alternatively, the Act also places certain restrictions on the collection and processing of special categories of personal data

Under the Act, any “controller processing genetic data, biometric data, or data concerning health” is responsible for taking a variety of additional measures when handling such forms of data. These measures include but are not limited to designating the categories of individuals who will have access to these special categories of personal data, meticulously describing the capacity of these individuals with regard to the processing of all data concerned, and maintaining a list of the “categories of persons at the disposal of the competent supervisory authority;” Conversely, the law also requires that parties involved in the collection and processing of special categories of personal data are bound by “a legal or legal obligation or by an equivalent contractual provision to respect the confidential nature of the data concerned.”

What are the rights of data subjects under the Act when compared with the EU’s GDPR law?

The rights of Belgian citizens under Act of 30 July 2018 on the Protection of Natural Persons with Regard to the Processing of Personal Data are the same as those offered to citizens of other EU member states under the General Data Protection Regulation. These rights include the following:

In terms of the penalties and sanctions that can be imposed against data controllers and processors who fail to comply with the law, Belgium’s Act of 30 July 2018 on the Protection of Natural Persons with Regard to the Processing of Personal Data is enforced by the Supervisory Body for Police Information Management or the Supervisory Body for short. To this point, the Supervisory Body has the authority to impose a variety of sanctions and punishments against data controllers and processors within Belgium who fail to comply with the law. Such penalties include “a fine of five hundred euro to thirty thousand euro ($564 to $33,871)”, a fine of up to 4% of a particular business’s or organization’s global revenue for a given fiscal year, as well as criminal and civil liabilities.

Examples of actions that could lead to such punishments include “processing personal data in contravention of the conditions for processing imposed by articles 75, 109, 141 and 170 and any person acting under the authority of the authority referred to in Title 3 or its processor, who through personal negligence, provided it can be qualified as serious, or maliciously, processes data in contravention of the conditions imposed by articles 75, 109, 141 and 170”, as well as “extracting the data subject’s consent to the processing of personal data relating to him or her, uses matters of fact, violence, threats, gifts or promises.” The Act also states that “without prejudice to specific provisions, the controller, the processor, or its representative in Belgium shall be liable for the payment of the fines his attendant or authorized representative are ordered to pay.”

Through the implementation of the EU’s GDPR law in conjunction with the passing of Belgium’s Act of 30 July 2018 on the Protection of Natural Persons with Regard to the Processing of Personal Data, Belgian citizens were provided with legal protections and guarantees concerning their personal data and in turn, privacy. As both the Act and the EU’s GDPR law allow for violators of such laws to be punished in a manner that is severe, Belgian citizens can rest assured that their personal data is being safeguarded in the most efficient manner possible. In this way, the European Union contains to be a model regulatory authority as it relates to the protection of personal data on a global scale.

Related Reads

Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy
September 06, 2023 | 4 minutes read
Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy

Body-worn cameras are an essential piece of equipment for law enforcement officers and the redaction of faces from BWC footage is necessary to protect the privacy of individuals.

Learn More »
Sensitive Information, Protected: Patient Privacy, HIPAA, And You
August 30, 2023 | 4 minutes read
Sensitive Information, Protected: Patient Privacy, HIPAA, And You

HIPAA compliance ensures patient privacy. Often making the consequences of non-compliance severe, so how do you avoid that?

Learn More »
Protecting Privacy in the Healthcare Field: PII, PHI & PCI
July 12, 2023 | 5 minutes read
Protecting Privacy in the Healthcare Field: PII, PHI & PCI

Healthcare professionals handle a wide range of sensitive data that is crucial for delivering quality care. But protecting that data is getting harder.

Learn More »
FISA Section 702, Is The US Government Monitoring You?
June 26, 2023 | 6 minutes read
FISA Section 702, Is The US Government Monitoring You?

Is there a give-and-take relationship that must be accepted when it comes to keeping the country safe? Should U.S. persons be okay with the incidental collection of their conversations in the name of national security under FISA Section 702? Even when it violates their constitutional rights? Well, that’s up to Congress to decide.

Learn More »
The Gap You Won’t Want to Close: Air-Gapped Systems
June 05, 2023 | 6 minutes read
The Gap You Won’t Want to Close: Air-Gapped Systems

An air-gapped system is a computer, or network that is physically isolated from any external connections and networks which includes the Internet. It operates in total isolation with neither wired nor wireless connections to other devices.

Learn More »
Using Redaction for Privacy Maintenance as An Investigator
May 31, 2023 | 5 minutes read
Using Redaction for Privacy Maintenance as An Investigator

These oaths emphasize upholding the law, serving the public, and protecting the rights of individuals. One of these many rights is privacy. An investigator must adhere to the legal and ethical guidelines within the jurisdiction and perform their investigation within those specifically set boundaries.

Learn More »